General
- Target: 2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014
- Size: 305KB
- Sample: 230207-bbyvpsgg52
- MD5: b0a522ce1c7f4bb5460c1579cc94c8b9
- SHA1: 09c2be0481136b3ba1b18288e924c19811d8ba85
- SHA256: 2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014
- SHA512: 4954a22d1ef374541565efc35f61e4bf01332c110a9f511c091c18602a674dcd7f10921c869596d873fd389bdcf0d0eca5bbee01f3e97f5977b5185295cf0805
- SSDEEP: 3072:S5UueM5x5mL905+Xx/5+L/zp9kzXR/E9bX4Dr1ZhPf/7a46ndtrQzePCi/cs:mxeMP5p+h/5+L/AXhE9LorrhHDyx
Static task: static1
Behavioral task: behavioral1
- Sample: 2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.mgcpakistan.com/
- Port: 21
- Username: [email protected]
- Password: boygirl123456
Targets
- Target: 2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014
- Size: 305KB
- MD5: b0a522ce1c7f4bb5460c1579cc94c8b9
- SHA1: 09c2be0481136b3ba1b18288e924c19811d8ba85
- SHA256: 2c9c9a90e7adc3c9726d90c1cb0b174573a5a976cb3537d24201651158504014
- SHA512: 4954a22d1ef374541565efc35f61e4bf01332c110a9f511c091c18602a674dcd7f10921c869596d873fd389bdcf0d0eca5bbee01f3e97f5977b5185295cf0805
- SSDEEP: 3072:S5UueM5x5mL905+Xx/5+L/zp9kzXR/E9bX4Dr1ZhPf/7a46ndtrQzePCi/cs:mxeMP5p+h/5+L/AXhE9LorrhHDyx
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext